k8s create clusterrole

README.md

apply ci-account.yaml

then get the token:

$k -n kube-system get secret $($k -n kube-system get secret | grep ci-user | awk '{print $1}') -o json | jq -r ".data.token" | base64 -d

Use the token to create your kubeconfig: my.kubeconfig

---
apiVersion: v1
clusters:
- cluster:
    server: "https://kube-server-url.com"
    certificate-authority-data: "LS0...="
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: ci-user
  name: ci-user-token
current-context: ci-user-token
kind: Config
preferences: {}
users:
- name: ci-user
  user:
    token: "ya-token"

ci-account.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ci-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: ci-user
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-user
  namespace: kube-system